author | Vadim Sukhomlinov <sukhomlinov@google.com> | 2021-10-06 14:38:51 -0700 |
---|---|---|
committer | Commit Bot <commit-bot@chromium.org> | 2021-10-07 04:09:29 +0000 |
commit | fdf35d0b476089cb2c08bc13ac5dda2782d505cd (patch) | |
tree | 3f2fba4157c38cd269a8690a9dbebbd698163dbd /board/cr50/dcrypto | |
parent | b0c5e43185183ef71e07c569e362c28ec3c82ba2 (diff) | |
download | chrome-ec-fdf35d0b476089cb2c08bc13ac5dda2782d505cd.tar.gz |
cr50: switch CR50_DEV in FIPS module to branches of CRYPTO_TEST
Due to limited space available with CR50_DEV=1, move some of crypto
related functionality which was under CR50_DEV to branches of
CRYPTO_TEST=1, namely:
- SELF_TEST=1 to print self-integrity hashes
- U2F_VERBOSE=1 to print debug information from U2F key generation.
Config options sorted alphabetically in ENV_VARS and in processing
order.
BUG=None
TEST=make BOARD=cr50 CR50_DEV=1
make BOARD=cr50 CRYPTO_TEST=1 SELF_TEST=1
make BOARD=cr50 CRYPTO_TEST=1 U2F_TEST=1 U2F_VERBOSE=1
Signed-off-by: Vadim Sukhomlinov <sukhomlinov@google.com>
Change-Id: I66485b2d1fff8c0947aaf31c93348a16101f14b7
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3209647
Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
Tested-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Commit-Queue: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Diffstat (limited to 'board/cr50/dcrypto')
-rw-r--r-- | board/cr50/dcrypto/fips.c | 8 | ||||
-rw-r--r-- | board/cr50/dcrypto/u2f.c | 12 |
2 files changed, 12 insertions, 8 deletions
diff --git a/board/cr50/dcrypto/fips.c b/board/cr50/dcrypto/fips.c
index 5e9422d2c3..2ea98187c4 100644
--- a/board/cr50/dcrypto/fips.c
+++ b/board/cr50/dcrypto/fips.c
@@ -642,18 +642,22 @@ static bool call_on_stack(void *new_stack, bool (*func)(void))
 const struct sha256_digest fips_integrity __attribute__((section(".rodata.fips.checksum")));
+#ifndef SELF_INTEGRITY_TEST
+#define SELF_INTEGRITY_TEST 0
+#endif
+
 static enum dcrypto_result fips_self_integrity(void) {
 struct sha256_digest digest;
 size_t module_length = &__fips_module_end - &__fips_module_start;
-#ifdef CR50_DEV
+#if SELF_INTEGRITY_TEST
 CPRINTS("FIPS self-integrity start %x, length %u", (uintptr_t)&__fips_module_start, module_length);
 #endif
 SHA256_hw_hash(&__fips_module_start, module_length, &digest);
-#ifdef CR50_DEV
+#if SELF_INTEGRITY_TEST
 CPRINTS("Stored: %ph", HEX_BUF(fips_integrity.b8, SHA256_DIGEST_SIZE));
 CPRINTS("Computed: %ph",
diff --git a/board/cr50/dcrypto/u2f.c b/board/cr50/dcrypto/u2f.c
index 4cd267ac61..1b2fc4f17c 100644
--- a/board/cr50/dcrypto/u2f.c
+++ b/board/cr50/dcrypto/u2f.c
@@ -3,7 +3,7 @@
 * found in the LICENSE file. */
-#if defined(CRYPTO_TEST_SETUP) || defined(CR50_DEV)
+#if defined(CRYPTO_TEST_SETUP)
 #include "console.h"
 #endif
@@ -55,7 +55,7 @@ static void u2f_origin_user_mac(const struct u2f_state *state,
 HMAC_SHA256_update(&ctx, origin_seed, U2F_ORIGIN_SEED_SIZE);
 if (kh_version == U2F_KH_VERSION_1) HMAC_SHA256_update(&ctx, &kh_version, sizeof(kh_version));
-#ifdef CR50_DEV_U2F_VERBOSE
+#ifdef U2F_DEV_VERBOSE
 ccprintf("origin %ph\n", HEX_BUF(origin, U2F_APPID_SIZE));
 ccprintf("user %ph\n", HEX_BUF(user, U2F_USER_SECRET_SIZE));
 ccprintf("origin_seed %ph\n",
@@ -63,7 +63,7 @@ static void u2f_origin_user_mac(const struct u2f_state *state,
 cflush();
 #endif
 memcpy(kh_hmac, HMAC_SHA256_final(&ctx), SHA256_DIGEST_SIZE);
-#ifdef CR50_DEV_U2F_VERBOSE
+#ifdef U2F_DEV_VERBOSE
 ccprintf("kh_hmac %ph\n", HEX_BUF(kh_hmac, SHA256_DIGEST_SIZE));
 cflush();
 #endif
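Review bot: The new `SELF_INTEGRITY_TEST` default in fips.c has no comment saying what enables it or what the guarded code prints. The commit message ties it to `SELF_TEST=1` under `CRYPTO_TEST=1`, but the build-file side of that mapping is outside this diffstat and should be confirmed. A comment above the `#ifndef` would record it, for example `/* Set to 1 by the build (SELF_TEST=1 with CRYPTO_TEST=1) to print the stored and computed FIPS module hashes; defaults to 0. */`. The body of fips_self_integrity continues past the end of the hunk.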
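Review bot: In the u2f.c hunk at -3,7, `console.h` is now included only under `CRYPTO_TEST_SETUP`, while the verbose blocks later in the file call `ccprintf()` and `cflush()` under `U2F_DEV_VERBOSE` alone, so nothing in the file states that the second flag depends on the first. Unless console.h arrives through another header (not visible here), defining `U2F_DEV_VERBOSE` by itself ends in implicit-declaration errors rather than a clear message. Because those blocks print key material, an explicit guard after the include would make the dependency a compile-time rule: `#if defined(U2F_DEV_VERBOSE) && !defined(CRYPTO_TEST_SETUP)`, `#error "U2F_DEV_VERBOSE is only allowed in CRYPTO_TEST builds"`, `#endif`.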
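Review bot: In the u2f.c hunk at -55,7, `#ifdef U2F_DEV_VERBOSE` is true for any definition of the macro, including `-DU2F_DEV_VERBOSE=0`, and the block it guards writes the user secret and origin seed to the console. fips.c in this same commit uses the stricter form, a default of `#define SELF_INTEGRITY_TEST 0` tested with `#if SELF_INTEGRITY_TEST`; the same pattern here (`#ifndef U2F_DEV_VERBOSE` / `#define U2F_DEV_VERBOSE 0` / `#endif`, then `#if U2F_DEV_VERBOSE` at each site) would keep both flags consistent and make a zero value mean off. The same guard is used in the hunks at -63,7, -248,7 (which prints the user private key), -449,7 and -632,7. How the makefile defines the macro is not visible in this diff, so whether a zero value can occur in practice needs checking there.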
@@ -248,7 +248,7 @@ static enum ec_error_list u2f_origin_user_key_pair(
 else if (result != DCRYPTO_OK) return EC_ERROR_HW_INTERNAL;
-#ifdef CR50_DEV_U2F_VERBOSE
+#ifdef U2F_DEV_VERBOSE
 ccprintf("user private key %ph\n", HEX_BUF(d, sizeof(*d)));
 cflush();
 if (pk_x)
@@ -449,7 +449,7 @@ u2f_attest_keyhandle_pubkey(const struct u2f_state *state,
 p256_to_bin(&opk_y, kh_pubkey.y);
 kh_pubkey.pointFormat = U2F_POINT_UNCOMPRESSED;
-#ifdef CR50_DEV_U2F_VERBOSE
+#ifdef U2F_DEV_VERBOSE
 ccprintf("recreated key %ph\n", HEX_BUF(&kh_pubkey, sizeof(kh_pubkey)));
 ccprintf("provided key %ph\n", HEX_BUF(public_key, sizeof(kh_pubkey)));
 #endif
@@ -632,7 +632,7 @@ enum ec_error_list u2f_attest(const struct u2f_state *state,
 /* Derive G2F Attestation Key. */
 if (!g2f_individual_key_pair(state, &d, &pk_x, &pk_y)) {
-#ifdef CR50_DEV
+#ifdef U2F_DEV_VERBOSE
 ccprintf("G2F Attestation key generation failed\n");
 #endif
 return EC_ERROR_HW_INTERNAL; |
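Review bot: In the hunk at -632,7, the `G2F Attestation key generation failed` message carries no key material, yet it now shares `U2F_DEV_VERBOSE` with the blocks that print secrets. As a result this failure path returns `EC_ERROR_HW_INTERNAL` with no log in every build that lacks the flag, including `CR50_DEV=1`, where the message used to appear. If the space budget named in the commit message allows, guarding it with `#if defined(CRYPTO_TEST_SETUP)`, the condition already used for the console.h include, would keep the diagnostic in test builds without turning on the secret dumps. The body of u2f_attest extends beyond both ends of the hunk.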